On 13 December 2010, the Australian Securities and Investments Commission (“ASIC”) released Regulatory Guide 221 (“RG 221”) and Class Order 10/1219 (“CO 10/1219”) with the aim of clarifying existing law governing the online disclosure of financial services disclosure documents, such as Product Disclosure Statements (“PDSs”), Financial Services Guides (“FSGs”) and Statements of Advice (“SOAs”), by financial services providers (“Providers”) to their clients or clients’ agents.
Uncertainty about the current law
While the Corporations Act 2001 (“Act”) permits online delivery of disclosure documents in many cases, ASIC felt that many Providers had been discouraged from using online disclosure methods because of uncertainty about what specific practices are permitted by the current law and regulations. The primary areas of uncertainty included:
- the extent to which a Provider must take steps to be satisfied that the client or client’s agent has received the disclosure documents when delivered via online methods (i.e. whether there needs to be online tracking of the email or website link to record whether the client has opened / viewed the disclosures);
- whether prior client consent to the use of online disclosure methods was required, and if so, whether consent must be express or can be inferred by the client’s conduct; and
- whether the requirement that disclosure documents must be ‘readily accessible’ to the client in the future prevented the use of online disclosure methods where indefinite access could not be guaranteed (e.g. a hyperlink to a website which subsequently became inaccessible for an indefinite period of time due to power failure, server upgrade or scheduled maintenance downtime).
The effect of CO 10/1219
CO 10/1219 has confirmed the general principle that online disclosure methods may be used by a Provider to provide product disclosure documents to their clients or clients’ agents.
Additionally, the class order has provided relief in relation to the extent to which a Provider must be satisfied that a client or clients’ agent has received, or been “given”, the disclosure by stating that:
- PDSs, FSGs and SOAs may be delivered by sending clients a written notice (paper or electronic) with a reference to a website address where the disclosure can be found; and
- PDSs and FSGs, but not SOAs, may be delivered by sending clients an email with a hyperlink to the disclosure (ASIC has stated that SOAs are not permitted to be delivered by hyperlink in order to reduce the risk that clients will be exposed to security risks such as ‘phishing’).
The use of such online delivery methods remains subject to the Provider having obtained prior client approval to do so, which may be verbal or in writing.
RG 221 confirms that the requirement of continued access does not prevent the use of hyperlinks or website address links when delivering disclosure documents. However, ASIC has suggested that Providers:
- instruct clients to retain an electronic or printed copy of the disclosure documents; and
- ensure the disclosure documents remain accessible for a reasonable period of time (ASIC considers 2 years would be reasonable for most disclosures).
Good practice guidance in RG 221
RG 221 sets out good practice guidelines for the online delivery of disclosure documents to ensure that clients continue to receive clear, concise and effective information.
These guidelines are summarised as follows:
- Easy to retrieve and read: documents should be easy to retrieve and read. A direct link to the disclosure should be provided if possible and the link should be to the first page of the document. If the link provided is a generic website address or does not take the client directly to the disclosure, clear instructions should be provided on how to access the disclosure. The disclosure should be no more than ‘3 clicks’ away from the website homepage;
- Clearly identifiable: document titles and versions should be clearly marked and identifiable as part of a specific disclosure document;
- Reasonable efforts to ensure receipt: where a client has agreed to receive online disclosure, the Provider should make reasonable efforts to ensure that the client has received the disclosure by delivering the disclosure to an email address provided by the client, or where the disclosure is delivered by making it available on a website, send the client a paper or electronic notification to the client’s email address;
- Copy retention / future access: clients should be able to keep a copy of the disclosure so that they canaccess it in the future. The Provider should direct clients to retain an electronic copy, or where practical, a printed copy of the disclosure. The Provider should also ensure that the disclosure remains accessible from the link provided for a reasonable period;
- Provider to record disclosures: the Provider must retain a copy of all disclosures and record when each version was made available so that clients can prove which version of the disclosure they relied upon (records of which should be kept for a minimum 7 year period). Where disclosure is provided online, the Provider should make it clear to the client that they can request a copy of the disclosure at no cost during this period;
- Clients can change disclosure method: providers must make it easy for clients to unsubscribe from receiving disclosures online and to request paper copies of the disclosure at no cost to themselves; and
- Client security is paramount: the Provider must ensure that disclosures are delivered to clients in a way which minimises their exposure to security risks (e.g. ‘phishing’). Where disclosure is provided by email, it is preferable that the Provider gives clients a reference to the website address with instructions on how to find the disclosure rather than a hyperlink to the disclosure. If a hyperlink is used the email message should make it clear that the client will not be asked to provide their personal details.
What does this mean for you?
ASIC’s guidance has provided much needed clarification for Providers with regard to acceptable use of online disclosure methods when providing financial services disclosure documents to their clients or clients’ agents.
Providers should familiarise themselves with the relief granted under CO 10/1219 and good practice guidelines in RG 221 so as to ensure that current disclosure practices are in accordance with relevant law and regulations.